SecPanel – Privilege Escalation (R911-0045)

Type: Privilege Escalation
Location: Local
Impact: Critical
Product: SecPanel
Website: http://www.secpanel.com
Vulnerable Version: v2.0.0
Fixed Version: v2.0.1
CVE:
R911: 0045
Date: 2013-07-22
By: www.rack911.com

Product Description:

SecPanel’s one click install hardens your server against the most common and dangerous attacks. You can manage your server’s security from a web based dashboard.

Vulnerability Description:

When the software is installed it adds a user to sudo, allowing access to various functions. Unfortunately, a flaw exposes the password in plain text, which would ultimately allow an attacker to escalate their privileges to root.

Proof of Concept:

Due to the nature of this security flaw, we will not be posting a Proof of Concept until a much later date.

Impact:

We have rated this vulnerability as CRITICAL because root access can be obtained.

Vulnerable Version:

This vulnerability was tested against SecPanel v2.0.0 and is believed to exist in all prior versions.

Fixed Version:

This vulnerability was patched in SecPanel v2.0.1.

Vendor Contact Timeline:

2013-07-11: Vendor contacted via email.
2013-07-12: Vendor confirms vulnerability.
2013-07-15: Vendor issues update.
2013-07-22: Rack911 issues security advisory.